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Apparatug^n#iYiethocl for conveying private information within a 
group communication system 



Technical field of the invention 

The present invention relates to an apparatus and method for conveying private in- 
formation within an established group communication. More in detail, the invention 
relates to communication between two parties within an established IP-multicast 
group where the group involves more than two participants. 

Background of the invention 

Media information can be distributed within a communicating group of users by 
means of so-called IP-multicast transmission. This multicast transmission technique 
relies on the principle that the information is transmitted to a multicast group and 
further copied in the network to participating parties who require a copy of the in- 
formation. 



Public information in a network of the above kind is distributed within the group of 
users by IP-multicast in the form of streamed media. However, there may be a need 
for distribution information of particular interest to only a sub-part of participating 
users, and distribute private messages exclusively within that sub-part of the partici- 
pating group. According to prior art technology, in such a case a special communi- 
cation channel is established between the sub-group members in parallel with the 
public multicast communication channel. However, network constraints, such as 
firewalls or other access limiting security arrangements may impede or even pre- 
clude transmission of non-multicast communication from reaching the intended re- 
cipient. This is a drawback associated with prior art, which limits the deployment of 
applications for group communication. Today, the trend in society is that measures 
are taken in the direction of enhanced security, and the security consciousness 
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among users ^^^e^A>^IiMnnistrators has increased. Therefore the need for an 
arrangement enabling communication, while simultaneously respecting network 
constraints and limitations, such as firewalls and other security measures, has be- 
come even greater than before. 



Summary of the invention 

It is therefore an object of the present invention to alleviate the previously men- 
tioned shortcomings of prior art associated with group communication services. This 

10 is accomplished by an apparatus and method for distribution of a streamed signal 
within a group of users in a computer network, the users accessing client terminals 
for participation in a multicast session, the apparatus comprising, 

connecting links adapted to connect the client terminals of users and 
related equipment, such as capturing means, to the multicast session, preferably via 

15 the Internet or other interconnecting network, 

an extension header being added to data packets of the streamed signal, 
the extension header comprising identification data relating to the intended recipient 
of a packet, 
characterised in that 

20 a filtering means associated with the receiving client adapted to filter 

out data packets having the address of the recipient and receiving the streamed sig- 
nal. 

Only one copy of the information is transmitted from the sender independently of 
25 the amount of receivers. Within a multicast group, as previously described, there 
may be a need for transmitting private or confidential information exclusively 
within only a subpart of the group, usually transmission one to one. By means of ad- 
ditional encryption, there is a further possibility of making also strictly confidential 
information which is distributed accessible to only intended recipients. This could 
30 be critical information not to be disclosed to all parties in a business negotiation, 
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keys and solutions* fo problems during an electronic educational meeting, individual 
tuition during an electronic meeting being part of distance learning, foreign affairs 
or political relations, etc. 

The present invention, which provides a solution to the mentioned distribution and 
confidentiality problem is advantageous in many ways. The previous need for es- 
tablishing a dedicated unicast connection in parallel with the existing multicast con- 
nection is no longer necessary. Communication of non-public interest, possibly of 
private or sensitive nature, may be executed during a public session. The advantage 
of the invention is hence the ability to reuse the existing communications channel 
while maintaining the confidentiality if this is desirable. 

Due to network constraints it is desirable to send also this information using IP- 
multicast even though it will reach non-interested receivers. These network con- 
straints include for example firewalls and other corresponding security arrangements 
where the receiver might only have IP-multicast access or only access to a portal, 
i.e. a so-called reflector. 

Brief description of the drawings 

The features, objects, and further advantages of this invention will become apparent 
by reading this description in conjunction with the accompanying drawings, in 
which like reference numerals refer to like elements and in which: 

Fig 1 illustrates a schematic overview of the apparatus for distribution of a streamed 
signal within a group of users according to the present invention. 



Fig 2 is a signalling chart representing the content of a header added to distributed 
data packets according to the present invention. 
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The following description is of the best mode presently contemplated for practising 
the invention. The description is not to be taken in a limiting sense, but is made 
merely for the purpose of describing the general principles of the invention. The 
scope of the invention should be ascertained with reference to the issued claims. 

According to the present invention, the Internet is used as a means for distribution 
of streamed media. Use of the Internet is the optimal solution as long as it provides a 
reliable connection having sufficient transmission rates, without network congestion 
problems. The invention does not lead to undesired overload within the computer 
networks with unnecessary amounts of raw data, and the raw data can be com- 
pressed to require even less transmission capacity. The amount of data distributed 
through the network is reduced, since the data stream sent as a copy from one client 
terminal to other associated client terminals can be compressed, as a result of which 
the total amount of data transmitted over the network is reduced. 

The implementation of the invention is based on addition of a special header to pri- 
vate packets being part of transmitted information in a network. The packets identify 
the receivers and these packets are filtered on the receiving side of the distribution 
channel, although every participating member in a communication group actually 
receives the identifiable data. This is implemented in practice using a special header 
extension which is available in the Real-time Transport Protocol standard for identi- 
fying that header extensions actually exist in the packet. 

The invention is not limited to an}' particular type of data but is applicable for any 
type of information transmitted, such as for audio, video, chat, etc. 



With reference to Fig 1, a schematic overview illustrates the apparatus for distribu- 
tion of a streamed signal within a group of users in a computer network. A plurality 
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of client terminals 10, 20, 30, 40 connected to a distributing globally connected 
computer network, such as the Internet via connecting links 12, 22, 32, 42. The con- 
necting lines may be various wired connections, but likely for use already today or 
at least in a near future are also wireless transmission technologies, such as access 
technology based on infrared, Bluetooth or wireless-LAN. Connection means used 
in association with the present invention will be developing with new and emerging 
access technologies. To each host is coupled image capturing means 16, 26, 36, 46, 
preferably a so-called web-camera, a digital camera or a digital video camera. 
Moreover, audio capturing means 18, 28, 38, 48, in the form of a microphone ar- 
rangement is connected to each client terminal as well as filtering means 14, 24, 34, 
44. 



The client terminals themselves arrange the distribution of the data stream to other 
multicast group members. This is an autonomous function between client terminals 

15 as soon as the participants in a group are defined and authorised. There may be ar- 
ranged a central administration entity, preferably in the form of a portal handling ac- 
cessibility of users willing to participate in a multicast group of users. Necessary 
identification, authentication and authorisation of users to a group is carried out by 
means of the central administration entity, i.e. the portal interfacing between the en- 

20 tity and users, but a detailed description of those steps clearly goes beyond the scope 
of this application and is therefore omitted here. . 

With particular reference to Fig 2, parts of the previously mentioned Real-time 
Transfer Protocol (RTP) is depicted. The protocol comprises a part of the header 
25 called the extension bit. When this bit is determined, the normal RTP header is fol- 
lowed by a new RTP header extension having a content of at least 4 bytes of data. 
This new extension header is placed between the RTP header and the RTP payload, 
which contains the actual content to be distributed, such as for example the video 
stream of a multicast session. 
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The extension name is set to a common identifier, identifying this extension as a 
filter destination. In accordance with a preferred embodiment of the invention, the 
filter destination header is identified by the bytes numbered 77 and 65. The "length" 
field is the total length of the header extension including the first 4 bytes. Reference 
5 is here made to the RTP specification IETF RFC 1 889 (request for comments) where 
the first 4 bytes are defined. V which is found far left in Fig 2 defines two bits 
primarily intended for making changes possible within the header extension. "X" 
denotes an unused field in the header, "cmd" is a command that allows alternative 
use of the header extension. The reason for this possible alternative use is that a 

10 stream can only contain one RTP header extension per packet if it is to conform 

with the RTP specification. In this case the command cmd is set to 0. "dest number" 
is the number of destinations in this particular packet, which may be any number 
relating to the size of the sub-group of intended recipients, "real payload" is the type 
of data being sent in this packet. The real RTP header contains a payload type field 

15 and just as the case of other applications, there are not intended to be able to decode 
the data by leaving out the extension header. This extension header is originally set 
to the original value of 127. This number denotes, in accordance with the mentioned 
RTP specification, "unspecified" and then includes the real payload type. This will 
lead to applications that do not interpret this header extension to dispose of the 

20 packet. ID1, ID2, ... are the unique identifiers for the intended destination, i.e. who 
the intended recipient of this packet is. 

Realisation of the addition of an extension header to a data packet can be carried out 
in accordance with the following embodiment. The sender is sending data to every- 

25 body in the group, the group by way of example comprising three users. There users 
are userl (id=10), user2 (id=20) and user3 (id=30). For any reason, the sender of 
data may be interested in sending a data packet to only "userl" and "user3". This is 
denoted a private audio conversation, or a so-called whisper within the group com- 
munication. The new packet is composed with the header extension bit set to 1 and 

30 header extension is added after the RTP header as previously described with refer- 
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ence to Fig 2. This extension header will comprise "dest nummer" = 2 and "ID1" = 
10 and "ID2" = 30. Subsequently a packet is sent to the whole group and is received 
by all three users (userl, user2 and user3). The second user, i.e. user2 will also re- 
ceive this packet and decode the extension header but will not find itself in the des- 
5 tinations list and it will therefore dispose of the packet. 

However, the other users, i.e. userl and user3, will decode the extension header, 
-find themselves in the destination list and handle the data according to the payload 
type defined in the "real payload" type field. 

10 

In accordance with the present invention, software is developed in parallel with the 
apparatus for distribution of signals. The software resides in a memory associated 
with said apparatus. The software is designed for instructing the hardware to carry 
out sequential method steps previously described in this application. 
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Claims M^r <MU^SW 

1. Apparatus for distribution of a streamed signal within a group of users in a com- 
puter network, the users accessing client terminals (10, 20, 30, 40) for participa- 
tion in a multicast session, the apparatus comprising, 

connecting links (12, 22, 32, 42) adapted to connect the client terminals 
of users and related equipment, such as capturing means (16, 26. . 18, 28. . .), to 
the multicast session, preferably via the Internet or other interconnecting net- 
work, 

an extension header being added to data packets of the streamed signal, 
the extension header comprising identification data relating to the intended re- 
cipient of a packet, 
characterised in that 

a filtering means (14, 24, 34, 44) associated with the receiving client 
adapted to filter out data packets having the address of the recipient and receiv- 
ing the streamed signal. 

2. Apparatus for distribution of a streamed signal according to claim 1, character- 
ised in that 

the transmitted signal is encoded by the sending client terminal and de- 
coded by the intended recipient only at the receiving client terminal by means of 
a separately provided decryption key. 

3 . Method for distributing a streamed signal via the Internet or other interconnect- 
ing network within a group of users in a computer network, the users accessing 
client terminals (10, 20, 30, 40) for participation in a multicast session, the 
method comprising the steps of, 

adding an extension header to data packets of the streamed signal, the 
extension header identifying the intended recipient of a packet, 
characterised by 
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filtering out data packets having identification data corresponding to the 
recipient and allowing them to pass through a filtering means (14, 24, 34, 44), 
which is associated with the receiving client. 



5 4. Computer program product for distributing a streamed signal within a group of 
users in a computer network, the computer program product being integrated and 
transmissible between comprised units according to claims 1-2, and the com- 
puter program product being adapted for carrying out the method steps of claim 
3. 
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